From 88298994053f509e2b0183fbebbdd9dba9d00150 Mon Sep 17 00:00:00 2001 From: Brian Somers Date: Mon, 9 Jul 2001 00:07:56 +0000 Subject: [PATCH] Add a ``nat proto'' command -- similar to natd(8)'s -redirect_proto switch. MFC after: 3 weeks --- usr.sbin/ppp/command.c | 2 ++ usr.sbin/ppp/nat_cmd.c | 68 ++++++++++++++++++++++++++++++++++++++++++ usr.sbin/ppp/nat_cmd.h | 1 + usr.sbin/ppp/ppp.8 | 23 ++++++++++++++ usr.sbin/ppp/ppp.8.m4 | 23 ++++++++++++++ 5 files changed, 117 insertions(+) diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c index 48b2c93342ef..4a111545507d 100644 --- a/usr.sbin/ppp/command.c +++ b/usr.sbin/ppp/command.c @@ -632,6 +632,8 @@ static struct cmdtab const NatCommands[] = (const void *) PKT_ALIAS_LOG}, {"port", NULL, nat_RedirectPort, LOCAL_AUTH, "port redirection", "nat port proto localaddr:port[-port] aliasport[-aliasport]"}, + {"proto", NULL, nat_RedirectProto, LOCAL_AUTH, "protocol redirection", + "nat proto proto localIP [publicIP [remoteIP]]"}, {"proxy", NULL, nat_ProxyRule, LOCAL_AUTH, "proxy control", "nat proxy server host[:port] ..."}, {"same_ports", NULL, NatOption, LOCAL_AUTH, diff --git a/usr.sbin/ppp/nat_cmd.c b/usr.sbin/ppp/nat_cmd.c index a4bdbb308210..05ede84fe204 100644 --- a/usr.sbin/ppp/nat_cmd.c +++ b/usr.sbin/ppp/nat_cmd.c 
@@ -229,6 +229,74 @@ nat_RedirectAddr(struct cmdargs const *arg)
 }
+int
+nat_RedirectProto(struct cmdargs const *arg)
+{
+  if (!arg->bundle->NatEnabled) {
+    prompt_Printf(arg->prompt, "nat not enabled\n");
+    return 1;
+  } else if (arg->argc >= arg->argn + 2 && arg->argc <= arg->argn + 4) {
+    struct in_addr localIP, publicIP, remoteIP;
+    struct alias_link *link;
+    struct protoent *pe;
+    int error, len;
+
+    len = strlen(arg->argv[arg->argn]);
+    if (len == 0) {
+      prompt_Printf(arg->prompt, "proto redirect: invalid protocol\n");
+      return 1;
+    }
+    if (strspn(arg->argv[arg->argn], "01234567") == len)
+      pe = getprotobynumber(atoi(arg->argv[arg->argn]));
+    else
+      pe = getprotobyname(arg->argv[arg->argn]);
+    if (pe == NULL) {
+      prompt_Printf(arg->prompt, "proto redirect: invalid protocol\n");
+      return 1;
+    }
+
+    error = StrToAddr(arg->argv[arg->argn + 1], &localIP);
+    if (error) {
+      prompt_Printf(arg->prompt, "proto redirect: invalid src address\n");
+      return 1;
+    }
+
+    if (arg->argc >= arg->argn + 3) {
+      error = StrToAddr(arg->argv[arg->argn + 2], &publicIP);
+      if (error) {
+        prompt_Printf(arg->prompt, "proto redirect: invalid alias address\n");
+        prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
+                      arg->cmd->syntax);
+        return 1;
+      }
+    } else
+      publicIP.s_addr = INADDR_ANY;
+
+    if (arg->argc == arg->argn + 4) {
+      error = StrToAddr(arg->argv[arg->argn + 2], &remoteIP);
+      if (error) {
+        prompt_Printf(arg->prompt, "proto redirect: invalid dst address\n");
+        prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
+                      arg->cmd->syntax);
+        return 1;
+      }
+    } else
+      remoteIP.s_addr = INADDR_ANY;
+
+    link = PacketAliasRedirectProto(localIP, remoteIP, publicIP, pe->p_proto);
+    if (link == NULL) {
+      prompt_Printf(arg->prompt, "proto redirect: packet aliasing"
+                    " engine error\n");
+      prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
+                    arg->cmd->syntax);
+    }
+  } else
+    return -1;
+
+  return 0;
+}
+
+
 static int StrToAddr(const char *str, struct 
in_addr *addr) { diff --git a/usr.sbin/ppp/nat_cmd.h b/usr.sbin/ppp/nat_cmd.h index 61077729144b..47f38ee238a6 100644 --- a/usr.sbin/ppp/nat_cmd.h +++ b/usr.sbin/ppp/nat_cmd.h @@ -31,6 +31,7 @@ struct cmdargs; extern int nat_RedirectPort(struct cmdargs const *); extern int nat_RedirectAddr(struct cmdargs const *); +extern int nat_RedirectProto(struct cmdargs const *); extern int nat_ProxyRule(struct cmdargs const *); extern int nat_SetTarget(struct cmdargs const *); diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8 index 7b684c89cd7b..e74e2cd2d710 100644 --- a/usr.sbin/ppp/ppp.8 +++ b/usr.sbin/ppp/ppp.8 @@ -3370,6 +3370,28 @@ or a range of ports the same size as the other ranges. This option is useful if you wish to run things like Internet phone on machines behind your gateway, but is limited in that connections to only one interior machine per source machine and target port are possible. +.It nat proto Ar proto localIP Op Ar publicIP Op Ar remoteIP +This command tells +.Nm +to redirect packets of protocol type +.Ar proto +.Pq see Xr protocols 5 +to the internall address +.Ar localIP . +.Pp +If +.Ar publicIP +is specified, only packets destined for that address are matched, +otherwise the default alias address is used. +.Pp +If +.Ar remoteIP +is specified, only packets matching that source address are matched, +.Pp +This command is useful for redirecting tunnel endpoints to an internal machine, +for example: +.Pp +.Dl nat proto ipencap 10.0.0.1 .It "nat proxy cmd" Ar arg Ns No ... This command tells .Nm @@ -5646,6 +5668,7 @@ This socket is used to pass links between different instances of .Xr crontab 5 , .Xr group 5 , .Xr passwd 5 , +.Xr protocols 5 , .Xr radius.conf 5 , .Xr resolv.conf 5 , .Xr syslog.conf 5 , diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4 index 7b684c89cd7b..e74e2cd2d710 100644 --- a/usr.sbin/ppp/ppp.8.m4 +++ b/usr.sbin/ppp/ppp.8.m4 
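Review bot: The remoteIP branch of nat_RedirectProto reads the wrong argument: with four arguments, `error = StrToAddr(arg->argv[arg->argn + 2], &remoteIP);` re-parses the publicIP token, so the remote address the operator typed is never validated or passed to PacketAliasRedirectProto() and the source-address restriction documented for this command is silently replaced by the public address; the line should read `error = StrToAddr(arg->argv[arg->argn + 3], &remoteIP);`. The `link == NULL` path prints "packet aliasing engine error" but then falls through to `return 0;`, unlike every other failure in this function, which returns 1; adding `return 1;` after the usage message keeps the command's success/failure status consistent for callers that test it. The numeric-protocol check `strspn(arg->argv[arg->argn], "01234567") == len` only treats strings made of the digits 0-7 as numbers, so an input such as `89` is handed to getprotobyname() instead of getprotobynumber() and is rejected; `"0123456789"` (or strtol() with an end-pointer check in place of atoi()) is presumably what was intended.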
@@ -3370,6 +3370,28 @@ or a range of ports the same size as the other ranges. This option is useful if you wish to run things like Internet phone on machines behind your gateway, but is limited in that connections to only one interior machine per source machine and target port are possible. +.It nat proto Ar proto localIP Op Ar publicIP Op Ar remoteIP +This command tells +.Nm +to redirect packets of protocol type +.Ar proto +.Pq see Xr protocols 5 +to the internall address +.Ar localIP . +.Pp +If +.Ar publicIP +is specified, only packets destined for that address are matched, +otherwise the default alias address is used. +.Pp +If +.Ar remoteIP +is specified, only packets matching that source address are matched, +.Pp +This command is useful for redirecting tunnel endpoints to an internal machine, +for example: +.Pp +.Dl nat proto ipencap 10.0.0.1 .It "nat proxy cmd" Ar arg Ns No ... This command tells .Nm @@ -5646,6 +5668,7 @@ This socket is used to pass links between different instances of .Xr crontab 5 , .Xr group 5 , .Xr passwd 5 , +.Xr protocols 5 , .Xr radius.conf 5 , .Xr resolv.conf 5 , .Xr syslog.conf 5 ,